mpgn / poodle-PoC

:poodle: Poodle (Padding Oracle On Downgraded Legacy Encryption) attack CVE-2014-3566 :poodle:
MIT License

Fix exploit on chrome #7

Open mpgn opened 6 years ago

mpgn commented 6 years ago

On Chrome, the exploit doesn't work because of multiple exceptions that completely break the socket connection. Those errors were not raised on Firefox.

Edit: fix


```python
# struct.error is raised when ssl_header is not exactly 5 bytes long
try:
    (content_type, version, length) = struct.unpack('>BHH', ssl_header)
except struct.error as err:
    return
```

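
Why an unguarded `struct.unpack('>BHH', ...)` fails on a short read, shown with a record reader that buffers until a full 5-byte header and body have arrived and flags SSL 3.0 records. This is an added example, not code from this issue or the poodle-PoC repository; `RecordReader`, `SAMPLE` and `demo` are hypothetical names and the sample record is constructed.

```python
import struct

HEADER_LEN = 5                      # content type (1) + version (2) + length (2)
MAX_RECORD_LEN = 2**14 + 2048       # upper bound for an encrypted record body
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
SSL3 = 0x0300                       # protocol version affected by CVE-2014-3566


class RecordReader:
    """Reassembles records from arbitrary-sized socket reads (hypothetical helper)."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk):
        """Add received bytes; return the complete records now available."""
        self.buf += chunk
        records = []
        while len(self.buf) >= HEADER_LEN:
            ctype, version, length = struct.unpack(">BHH", self.buf[:HEADER_LEN])
            if ctype not in CONTENT_TYPES or length > MAX_RECORD_LEN:
                raise ValueError("not a record header: %r" % self.buf[:HEADER_LEN])
            if len(self.buf) < HEADER_LEN + length:
                break               # body not fully received yet: wait for more data
            body = self.buf[HEADER_LEN:HEADER_LEN + length]
            self.buf = self.buf[HEADER_LEN + length:]
            records.append({"type": CONTENT_TYPES[ctype], "version": version,
                            "ssl3": version == SSL3, "body": body})
        return records


# Constructed sample: one SSL 3.0 application_data record, delivered in two reads.
SAMPLE = struct.pack(">BHH", 23, SSL3, 8) + b"\x00" * 8


def demo():
    reader = RecordReader()
    first = reader.feed(SAMPLE[:3])     # 3 bytes only: a direct unpack would raise
    second = reader.feed(SAMPLE[3:])    # remainder arrives, record is complete
    return first, second


if __name__ == "__main__":
    print(demo())
```
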
mpgn commented 6 years ago

Another problem:


Chrome (2 requests) VS Firefox (1 request)

Every request sent to the server with Chrome is followed by another request, the favicon!

mpgn commented 6 years ago

Well, Chrome doesn't handle data like Firefox... After sending multiple requests with JavaScript, the server always returns an HMAC error even if there is no HMAC error. Very very strange.